Cisco ASR 5700 on StarOS Packet Processor IP Fragment input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.3 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic was found in Cisco ASR 5700 on StarOS. This affects an unknown function of the component Packet Processor. Executing a manipulation as part of IP Fragment can lead to input validation. This vulnerability is tracked as CVE-2018-0239. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.
Details
A vulnerability was found in Cisco ASR 5700 on StarOS (Router Operating System) (version unknown). It has been declared as problematic. This vulnerability affects an unknown function of the component Packet Processor. The manipulation as part of a IP Fragment leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. As an impact it is known to affect availability. CVE summarizes:
A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. This vulnerability could be triggered by either IPv4 or IPv6 network traffic. This vulnerability affects the following Cisco products when they are running the StarOS operating system and a virtual interface card is installed on the device: Aggregation Services Router (ASR) 5700 Series, Virtualized Packet Core-Distributed Instance (VPC-DI) System Software, Virtualized Packet Core-Single Instance (VPC-SI) System Software. Cisco Bug IDs: CSCvf32385.
The bug was discovered 04/18/2018. The weakness was disclosed 04/19/2018 as cisco-sa-20180418-staros as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability was named CVE-2018-0239 since 11/27/2017. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 109400 (Cisco ASR StarOS Interface Forwarding Denial of Service Vulnerability (cisco-sa-20180418-staros)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context l.
Upgrading eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (109400) and SecurityFocus (BID 103923†). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.4VulDB Meta Temp Score: 6.3
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 109400
Nessus Name: Cisco ASR StarOS Interface Forwarding Denial of Service Vulnerability (cisco-sa-20180418-staros)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
11/27/2017 🔍04/18/2018 🔍
04/18/2018 🔍
04/18/2018 🔍
04/19/2018 🔍
04/19/2018 🔍
04/21/2018 🔍
04/27/2018 🔍
03/03/2023 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20180418-staros
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2018-0239 (🔍)
GCVE (CVE): GCVE-0-2018-0239
GCVE (VulDB): GCVE-100-116872
SecurityFocus: 103923 - Cisco StarOS for ASR 5000 Series Routers CVE-2018-0239 Denial of Service Vulnerability
SecurityTracker: 1040720
Entry
Created: 04/21/2018 16:12Updated: 03/03/2023 14:07
Changes: 04/21/2018 16:12 (68), 01/30/2020 07:06 (6), 03/03/2023 14:07 (4)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.